Method and system for validating software code

ABSTRACT

A method and system is provided for validating software code provided to a user entity by a software provider. In general terms, the user entity encrypts first data, provides it to the software provider, and receives back an indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code. More particularly, the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof, and public data of the aforesaid party. A decryption key appropriate for correctly decrypting the encrypted first data is provided to the software provider by the party with rights in the software code, only if the software code provided to the user entity is valid. Generation of this key by the party is effected using both private data related to the party's public data, and the encryption key string or a corresponding reference string based on a reference version of the software code.

FIELD OF THE INVENTION

[0001] The present invention relates to a method and system for validating software code provided to a user entity by a software provider.

BACKGROUND OF THE INVENTION

[0002] As the use of the Internet has increased, so, correspondingly, has interest in the availability of services over the Internet. In particular, it has become commonplace for software distributors to provide web sites from which software, for example software plug-ins, freeware, open-source code and commercial software, can be downloaded.

[0003] However, a problem associated with the downloading of software over the Internet is the ability of the downloading party to verify the authenticity of the downloaded software. For example, it is desirable for the downloader to be able to determine whether the downloaded software is in its original form and has not been modified or tampered with, and/or whether the software distributor is licensed to provide the software.

[0004] A solution to this problem has been the use of digital certificates by software producers to digitally sign the software, allowing the downloading party to verify the integrity of the software by verifying that the digital signature belongs to the appropriate software producer.

[0005] However, this solution requires that the downloading party maintain a database of appropriate digital certificates that has to be kept up to date to reflect the latest digital certificates. Further, this solution gives the software producers no visibility of who is being provided access to their software.

[0006] It is desirable to improve this situation.

[0007] The present invention is in part based on the appreciation that Identifier-Based Encryption (IBE) has certain properties that can be adapted for use in verifying the authenticity of software code.

[0008] Identifier-Based Encryption (IBE) is an emerging cryptographic schema. In this schema (see FIG. 1 of the accompanying drawings), a data provider 10 encrypts payload data 13 using both an encryption key string 14, and public data 15 provided by a trusted authority 12. This public data 15 is derived by the trusted authority 12 using private data 17 and a one-way function 18. The data provider 10 then provides the encrypted payload data 13 to a recipient 11 who decrypts it, or has it decrypted, using a decryption key computed by the trusted authority 12 based on the encryption key string and its own private data.

[0009] A feature of identifier-based encryption is that because the decryption key is generated from the encryption key string, its generation can be postponed until needed for decryption.

[0010] Another feature of identifier-based encryption is that the encryption key string is cryptographically unconstrained and can be any kind of string, that is, any ordered series of bits whether derived from a character string, a serialized image bit map, a digitized sound signal, or any other data source. The string may be made up of more than one component and may be formed by data already subject to upstream processing. In order to avoid cryptographic attacks based on judicious selection of a key string to reveal information about the encryption process, as part of the encryption process the encryption key string is passed through a one-way function (typically some sort of hash function), thereby making it impossible to choose a cryptographically prejudicial encryption key string. In applications where defence against such attacks is not important, it would be possible to omit this processing of the string.

[0011] Frequently, the encryption key string serves to ‘identify’ the intended message recipient and this has given rise to the use of the label “identifier-based” or “identity-based” generally for cryptographic methods of the type under discussion. However, depending on the application to which such a cryptographic method is put, the string may serve a different purpose to that of identifying the intended recipient and, indeed, may be an arbitrary string having no other purpose than to form the basis of the cryptographic processes. Accordingly, the use of the term “identifier-based” or “IBE” herein in relation to cryptographic methods and systems is to be understood simply as implying that the methods and systems are based on the use of a cryptographically unconstrained string, whether or not the string serves to identify the intended recipient. Generally, in the present specification, the term “encryption key string” or “EKS” is used rather than “identity string” or “identifier string”.

[0012] A number of IBE algorithms are known and FIG. 2 indicates, for three such algorithms, the following features, namely:

[0013] the form of the encryption parameters used, that is, the encryption key string and the public data of the trusted authority (TA);

[0014] the conversion process applied to the encryption key string to prevent attacks based on judicious selection of this string;

[0015] the primary encryption computation effected;

[0016] the form of the encrypted output.

[0017] The three prior art IBE algorithms to which FIG. 2 relates are:

[0018] Quadratic Residuosity (QR) method as described in the paper: C. Cocks, “An identity based encryption scheme based on quadratic residues”, Proceedings of the 8th IMA International Conference on Cryptography and Coding, LNCS 2260, pp. 360-363, Springer-Verlag, 2001. A brief description of this form of IBE is given hereinafter.

[0019] Bilinear Mappings p using, for example, a Tate pairing t or Weil pairing ê. Thus, for the Weil pairing:

ê: G₁×G₁→G₂

[0020] where G₁ and G₂ denote two algebraic groups of prime order q and G₂ is a subgroup of a multiplicative group of a finite field. The Tate pairing can be similarly expressed though it is possible for it to be of asymmetric form:

t: G₁×G₀→G₂

[0021] where G₀ is a further algebraic group the elements of which are not restricted to being of order q. Generally, the elements of the groups G₀ and G₁ are points on an elliptic curve though this is not necessarily the case. A description of this form of IBE method, using Weil pairings, is given in the paper: D. Boneh, M. Franklin, “Identity-based Encryption from the Weil Pairing”, Advances in Cryptology, CRYPTO 2001, LNCS 2139, pp. 213-229, Springer-Verlag, 2001.

[0022] RSA-Based methods. The RSA public key cryptographic method is well known and in its basic form is a two-party method in which a first party generates a public/private key pair and a second party uses the first party's public key to encrypt messages for sending to the first party, the latter then using its private key to decrypt the messages. A variant of the basic RSA method, known as “mediated RSA”, requires the involvement of a security mediator in order for a message recipient to be able to decrypt an encrypted message. An IBE method based on mediated RSA is described in the paper “Identity based encryption using mediated RSA”, D. Boneh, X. Ding and G. Tsudik, 3rd Workshop on Information Security Application, Jeju Island, Korea, August 2002.

[0023] A more detailed description of the QR method is given below with reference to the entities depicted in FIG. 1 and using the same notation as given for this method in FIG. 2. In the QR method, the trusted authority's public data 15 comprises a value N that is the product of two random prime numbers p and q, where the values of p and q are the private data 17 of the trusted authority 12. The values of p and q should ideally lie in the range 2⁵¹¹ to 2⁵¹² and should both satisfy p, q ≡ 3 mod 4; p and q must not have the same value. Also provided is a hash function # which, when applied to a string, returns a value in the range 0 to N−1. (In Cocks' scheme the returned value is additionally required to have Jacobi symbol 1 with respect to N; with p, q ≡ 3 mod 4 this guarantees that either the value or its negative is a square modulo N, which is what makes one of the two decryption-key solutions given below always exist.)

[0024] Each bit of the user's payload data 13 is then encrypted as follows:

[0025] The data provider 10 generates random numbers t₊ (where t₊ is an integer in the range [0, 2^N)) until a value of t₊ is found that satisfies jacobi(t₊, N) = m′, where m′ has the value −1 or 1 depending on whether the corresponding bit of the user's data is 0 or 1 respectively. (As is well known, for the congruence x² ≡ a mod N the Jacobi symbol jacobi(a, N) is −1 if no such x exists and is 1 whenever such an x exists; for composite N, jacobi(a, N) = 1 is necessary but not by itself sufficient for x to exist.) The data provider 10 then computes the value:

s₊ ≡ (t₊ + K/t₊) mod N

[0026] where s₊ is the first encrypted value of the bit m′ concerned, and

K = #(encryption key string)

[0027] Since K may not be a square modulo N, the data provider additionally generates random numbers t₋ (integers in the range [0, 2^N)) until one is found that satisfies jacobi(t₋, N) = m′. The data provider 10 then computes the value:

s₋ ≡ (t₋ − K/t₋) mod N

[0028] as the second encrypted value of the bit m′ concerned.

[0029] The encrypted values s₊ and s₋ for each bit m′ of the user's data are then made available to the intended recipient 11, for example via e-mail or by being placed in an electronic public area; the identity of the trusted authority 12 and the encryption key string 14 will generally also be made available in the same way.

[0030] The encryption key string 14 is passed to the trusted authority 12 by any suitable means; for example, the recipient 11 may pass it to the trusted authority, or some other route is used; indeed, the trusted authority may have initially provided the encryption key string. The trusted authority 12 determines the associated decryption key B by solving the equation:

B² ≡ K mod N (“positive” solution)

[0031] If no such value of B exists, then there is a value of B that satisfies the equation:

B² ≡ −K mod N (“negative” solution)

[0032] As N is a product of two prime numbers p, q, it would be extremely difficult for anyone to calculate the decryption key B with only knowledge of the encryption key string and N. However, as the trusted authority 12 has knowledge of p and q (i.e. the two prime factors of N), it is relatively straightforward for the trusted authority 12 to calculate B.

[0033] Any change to the encryption key string 14 will result in a decryption key 16 that will not decrypt the payload data 13 correctly. Therefore, the intended recipient 11 cannot alter the encryption key string before supplying it to the trusted authority 12.

[0034] The trusted authority 12 sends the decryption key to the data recipient 11 along with an indication of whether this is the “positive” or “negative” solution for B.

[0035] If the “positive” solution for the decryption key has been provided, the recipient 11 can now recover each bit m′ of the payload data 13 using:

m′ = jacobi(s₊ + 2B, N)

[0036] If the “negative” solution for the decryption key B has been provided, the recipient 11 recovers each bit m′ using:

m′ = jacobi(s₋ + 2B, N)
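Why these two formulas recover m′ (an added note, not part of the original text): in the “positive” case B² ≡ K mod N, so

s₊ + 2B ≡ t₊ + K/t₊ + 2B ≡ (t₊² + 2Bt₊ + B²)/t₊ ≡ (t₊ + B)²/t₊ mod N

and in the “negative” case B² ≡ −K mod N, so

s₋ + 2B ≡ t₋ − K/t₋ + 2B ≡ (t₋² + 2Bt₋ + B²)/t₋ ≡ (t₋ + B)²/t₋ mod N.

In either case the Jacobi symbol of a square is 1 and jacobi(1/t, N) = jacobi(t, N), hence jacobi(s + 2B, N) = jacobi(t, N) = m′. The only exception, t + B sharing a factor with N, has negligible probability for primes of the size given in [0023]. The same algebra shows why a key B′ formed from a different encryption key string is useless: with B′² ≢ ±K mod N the expression s + 2B′ is no longer a square times t, and its Jacobi symbol carries no information about m′.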

SUMMARY OF THE INVENTION

[0037] In accordance with a first aspect of the present invention there is provided a method of validating software code provided to a user entity by a software provider, wherein:

[0038] the user entity encrypts first data, provides it to the software provider, and receives back a valid indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code;

[0039] the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof, and public data of said party;

[0040] the said appropriate decryption key is provided by said party to the software provider only if the software code provided to the user entity is valid, generation of this key by the party using both private data related to said public data, and the encryption key string or a corresponding reference string based on a reference version of the software code.

[0041] In one embodiment, the party receives the encryption key string via the software provider and uses it to carry out at least one validation check of the software code provided to the user entity. The party also uses the received encryption key string, together with its private data, to generate the aforesaid appropriate decryption key, with the proviso that the decryption key is only generated, or only provided to the software provider, if the or each validation check is satisfactory. The validation checking can comprise a check on the integrity of the software code and/or a check on the right of the software provider to provide the software code to the user entity.

[0042] In another embodiment, the party is arranged to derive a decryption key using the reference string and its private data, whereby this key only serves as the aforesaid appropriate decryption key if the software code provided to the user entity is the same as the reference version.

[0043] In accordance with a second aspect of the present invention there is provided a computer system comprising first, second and third computing entities, wherein:

[0044] the first computing entity is arranged to receive software code from the second computing entity and to encrypt a first data set using, as encryption parameters, both an encryption key string comprising a second data set corresponding to the software code provided by the second computing entity or a representation of that code, and public data of a party having rights in the software code; the first computing entity being further arranged to provide the encrypted first data set to the second computing entity whereby to receive back a valid indication that the code is valid only if the second computing entity is able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by the third computing entity;

[0045] the third computing entity is associated with said party having rights in the software code and is arranged to provide the said appropriate decryption key to the second computing entity only if the software code provided to the first computing entity is valid, the third computing entity being arranged to generate this key using both private data related to said public data, and the encryption key string or a corresponding reference string based on a reference version of the software code.

[0046] In accordance with a third aspect of the present invention there is provided a computer system comprising a first computer entity for deriving an encryption key string using a first data set corresponding to software code or a representation of software code provided by a second computer entity and encrypting a second data set with the encryption key string; communication means for providing the encrypted second data set to the second computer entity, wherein a third computer entity associated with a third party having rights in the software code is arranged to provide to the second computer entity a decryption key derived using the first data set to allow decryption of the encrypted second data set.

[0047] In accordance with a fourth aspect of the present invention there is provided apparatus comprising:

[0048] first means for downloading software code over a network from a software provider;

[0049] second means for encrypting first data using both public data of a party with rights in the software, and an encryption key string comprising said software code or a representation thereof;

[0050] third means for providing the encrypted first data and said encryption key string to the software provider;

[0051] fourth means for receiving back third data from the software provider; and

[0052] fifth means for comparing the third data with the first data, and for generating an indication that the software code is valid if the first and third data match.

[0053] The present invention also encompasses a computer program product for use in implementing the foregoing apparatus.

BRIEF DESCRIPTION OF THE DRAWINGS

[0054] For a better understanding of the present invention and to understand how the same may be brought into effect, reference will now be made, by way of example only, to the accompanying drawings, in which:

[0055] FIG. 1 is a diagram illustrating the operation of a prior art encryption schema known as Identifier-Based Encryption;

[0056] FIG. 2 is a diagram illustrating how certain IBE operations are implemented by three different prior art IBE methods; and

[0057] FIG. 3 is a diagram of an embodiment of the present invention.

BEST MODE OF CARRYING OUT THE INVENTION

[0058] FIG. 3 illustrates a computer system 30 according to an embodiment of the present invention. Computer system 30 includes a first computing entity 31, a second computing entity 32 and a third computing entity 33. Typically the three computing entities 31, 32, 33 are configured on separate computer platforms; however, the computing entities 31, 32, 33 could be configured on a single computer platform. For the purposes of this embodiment, the three computing entities 31, 32, 33 are coupled via the Internet 34.

[0059] Associated with the third computing entity 33 is a software producer 35 that is configured to act as a trusted authority. The software producer 35 creates and generates software for distribution to potential users.

[0060] Associated with the second computing entity 32 is a software distributor 38 that is arranged to distribute, via a web site (not shown), software produced by the software producer 35; however, as will be appreciated by a person skilled in the art, the software could be distributed in a variety of ways, for example via e-mail.

[0061] The first computing entity 31 is configured to allow a user 39 to download software from the second computing entity 32 via the latter's web site (not shown).

[0062] To allow the user 39 to verify the authenticity of software available for downloading from the software distributor's web site (e.g. to determine whether the software has been modified or tampered with and/or whether the software distributor 38 has a licence to distribute the software), the system employs an Identifier-Based Encryption method with the computing entities 31, 32 and 33 having the roles of the data provider 10, data recipient 11 and trusted authority 12 of the FIG. 1 IBE arrangement. In the following description of the FIG. 3 embodiment, it will be assumed that the IBE algorithm being used is the QR algorithm described above with respect to FIG. 1.

[0063] More particularly, the software producer 35, acting as a trusted authority, uses its private data p and q to generate a value of N which it makes publicly available, along with an indication of the hash function #, as public data 37. As will be appreciated by a person skilled in the art, the public data 37 can be made available in a variety of ways, for example via a public web site (not shown). The software producer 35 is also arranged to generate a QR decryption key from a given encryption key string and its private data.

[0064] The user 39 is provided with QR encryption software; this software is, for example, a software plug-in 40 obtained from the software producer's web site (not shown) and installed within the user's web browser (not shown). Preferably, the plug-in 40 embeds knowledge of the software producer's public data 37. The integrity of this plug-in, and of the public data 37 it embeds, is thus the root of trust for the whole scheme: a user who obtains the plug-in or the value N from an untrusted source has no basis for the assurance the challenge provides.

[0065] Similarly, the software distributor 38 is provided with QR decryption software obtained from the software producer 35 or from any other suitable source.

[0066] To verify the authenticity of software downloaded from the software distributor 38, the user 39, on downloading the software, derives from the software a representative digital string of data bits (e.g. a hash of the software; this string could also be the complete software code). This string forms the encryption key string (EKS) of the FIG. 1 IBE arrangement. This string is then used, together with the public data of the software producer 35, to encrypt a nonce (i.e. a random number, which should be fresh and unpredictable for each challenge so that a value returned in an earlier exchange cannot simply be replayed) selected by the user 39; the details of the QR encryption process have already been given above and will not be repeated here. The payload data that is encrypted can be data other than a nonce.

[0067] The encrypted nonce and the encryption key string are provided to the software distributor 38 by any suitable means, for example via e-mail or by being placed in an electronic public area.

[0068] When providing the encrypted nonce and the corresponding EKS, the user 39 challenges the software distributor 38 to decrypt and return the nonce. In order to do this, the software distributor 38 must obtain a decryption key from the software producer 35, for which purpose the software distributor 38 provides the encryption key string EKS to the software producer 35. Since the EKS is a version of the software, or a representation of the software, downloaded by the user 39, the provision of the EKS to the software producer gives the latter the opportunity to check the validity of that software. This checking can comprise, for example, a check on the integrity of the software relative to a reference version held by the software producer 35, and/or a check that the software distributor 38 currently has the right to provide the software to the user 39. Only if the software producer 35 is satisfied with the checks it has conducted does it generate the QR decryption key B from the provided EKS and provide this decryption key back to the software distributor 38. Of course, the software producer 35 can generate the decryption key in parallel with, or even before, carrying out its checks, provided it delays making the decryption key available to the software distributor until it is satisfied that the checks have been passed.

[0069] If the software producer 35 makes the decryption key available to the software distributor 38, then, provided the EKS that the software distributor 38 passed to the software producer 35 was the same as that used by the user 39 to encrypt the nonce, the decryption key will enable the software distributor 38 to decrypt the nonce and return it to the user 39, thereby reassuring the latter that the software producer 35 is satisfied with the software that the user has downloaded. However, if the software distributor 38, knowing that the EKS used by the user 39 will not be accepted by the software producer 35, seeks to fool the producer 35 by substituting an acceptable EKS, then the decryption key returned by the software producer 35 will be unfit to correctly decrypt the nonce, as the decryption key was not formed from the EKS used to encrypt the nonce.

[0070] Thus, the user 39 will be alerted to the existence of a problem with the downloaded software by the failure of the software distributor 38 to return the decrypted nonce, either because the software producer 35 refused to provide the appropriate decryption key or because the key returned was based on a false EKS.

[0071] It will be appreciated that many variants are possible to the above-described embodiment of the invention. For example, if the software producer 35 is informed by the software distributor 38 of the identity of the software in respect of which the user 39 has issued its challenge, the software producer 35 need not be provided with the EKS used by the user 39; instead, the software producer 35 can simply generate a decryption key for the software concerned using a reference key string based on a reference version of the software (generation of the reference key string, and indeed of the decryption key, can be done in advance). Only if the EKS used by the user 39 is based on software corresponding to the reference copy will the decryption key be effective to correctly decrypt the encrypted nonce provided by the user 39.
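The QR method of [0023]-[0036] and the FIG. 3 challenge of [0066]-[0071] in working form, as an added example that is not part of the patent and is not the applicant's software. The names TrustedAuthority, hash_to_key_value, derive_eks and run_challenge are this example's own; the two Mersenne primes are toy parameters chosen so the block runs in under a second and are far smaller than the 2⁵¹¹ to 2⁵¹² primes the text calls for; the integrity check is modelled as a comparison of the forwarded EKS against a reference copy and the licence check as a boolean flag. The producer applies the checks of [0068] and, as in the [0071] variant, derives the key from its own reference string, so the substituted-EKS attempt of [0069] fails in exactly the way the text describes.

```python
# Added example, not the patent's code: Cocks' QR identifier-based encryption ([0023]-[0036])
# and the FIG. 3 software-validation challenge ([0066]-[0071]). All names are this example's own.
import hashlib
import secrets


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0; returns -1, 0 or +1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def hash_to_key_value(eks: bytes, N: int) -> int:
    """The hash # of FIG. 2: K = #(EKS) in [0, N) with jacobi(K, N) = 1, which Cocks' scheme needs
    so that K or -K is a square mod N; a counter is appended and rehashed until that holds."""
    width = (N.bit_length() + 7) // 8 + 8
    counter = 0
    while True:
        K = int.from_bytes(hashlib.shake_256(eks + counter.to_bytes(4, "big")).digest(width), "big") % N
        if jacobi(K, N) == 1:
            return K
        counter += 1


def encrypt_bit(bit: int, K: int, N: int) -> tuple:
    """[0025]-[0028]: one bit becomes the pair (s+, s-); m' = +1 encodes a 1 bit, -1 a 0 bit."""
    m = 1 if bit else -1
    pair = []
    for sign in (1, -1):
        while True:                      # random t with jacobi(t, N) = m' (hence gcd(t, N) = 1)
            t = secrets.randbelow(N - 2) + 2
            if jacobi(t, N) == m:
                break
        pair.append((t + sign * K * pow(t, -1, N)) % N)   # s+ = t + K/t, s- = t - K/t  (mod N)
    return tuple(pair)


def decrypt_bit(pair: tuple, B: int, sign: int, N: int) -> int:
    """[0035]-[0036]: m' = jacobi(s + 2B, N); s+ goes with the positive key, s- with the negative."""
    s = pair[0] if sign == 1 else pair[1]
    return 1 if jacobi((s + 2 * B) % N, N) == 1 else 0


def encrypt_int(value: int, nbits: int, K: int, N: int) -> list:
    return [encrypt_bit((value >> i) & 1, K, N) for i in range(nbits)]


def decrypt_int(ciphertext: list, B: int, sign: int, N: int) -> int:
    return sum(decrypt_bit(c, B, sign, N) << i for i, c in enumerate(ciphertext))


class TrustedAuthority:
    """Holds the private data p, q ([0023]) and publishes N; in FIG. 3 this is the software producer 35."""

    def __init__(self, p: int, q: int):
        assert p != q and p % 4 == 3 and q % 4 == 3
        self.p, self.q, self.N = p, q, p * q

    def _sqrt_mod_N(self, a: int):
        # with p, q = 3 mod 4, a^((p+1)/4) is a square root of a mod p whenever one exists
        rp, rq = pow(a, (self.p + 1) // 4, self.p), pow(a, (self.q + 1) // 4, self.q)
        if (rp * rp - a) % self.p or (rq * rq - a) % self.q:
            return None
        return (rp + self.p * ((rq - rp) * pow(self.p, -1, self.q) % self.q)) % self.N  # CRT

    def extract(self, K: int) -> tuple:
        """[0030]-[0031]: (B, +1) with B^2 = K, or (B, -1) with B^2 = -K, mod N."""
        for sign in (1, -1):
            B = self._sqrt_mod_N(sign * K % self.N)
            if B is not None:
                return B, sign
        raise ValueError("jacobi(K, N) must be 1")


def derive_eks(software: bytes, dynamic: bytes = b"") -> bytes:
    """[0066]/[0072]: EKS = SHA-256 of the downloaded code, with any dynamic data appended."""
    return hashlib.sha256(software).digest() + dynamic


def run_challenge(producer: TrustedAuthority, reference: bytes, downloaded: bytes,
                  forwarded_eks: bytes = None, licensed: bool = True, dynamic: bytes = b"") -> bool:
    """The FIG. 3 exchange; True only if the distributor hands the user's nonce back intact.
    The producer applies the integrity and licence checks of [0068] and, as in [0071], derives the
    key from its own reference string, so a substituted EKS ([0069]) yields a useless key."""
    N = producer.N
    user_eks = derive_eks(downloaded, dynamic)                            # user 39
    nonce = secrets.randbits(64)                                          # fresh per challenge
    ciphertext = encrypt_int(nonce, 64, hash_to_key_value(user_eks, N), N)
    if forwarded_eks is None:                                             # honest distributor 38
        forwarded_eks = user_eks
    reference_eks = derive_eks(reference, dynamic)                        # producer 35
    if not licensed or forwarded_eks != reference_eks:
        return False                                                      # no key issued
    B, sign = producer.extract(hash_to_key_value(reference_eks, N))
    return decrypt_int(ciphertext, B, sign, N) == nonce                   # distributor's answer


if __name__ == "__main__":
    ta = TrustedAuthority(2 ** 61 - 1, 2 ** 89 - 1)      # toy Mersenne primes, both = 3 mod 4
    genuine, tampered = b"plugin-1.0 genuine bytes", b"plugin-1.0 genuine bytes + backdoor"
    print("genuine, honest distributor:", run_challenge(ta, genuine, genuine))
    print("tampered, honest distributor:", run_challenge(ta, genuine, tampered))
    print("tampered, EKS substituted:", run_challenge(ta, genuine, tampered, derive_eks(genuine)))
    print("genuine, licence expired:", run_challenge(ta, genuine, genuine, licensed=False))
```

Run as a script, the block prints True for the genuine download and False for the three failure cases of [0068]-[0070]. Note what each party sees: p and q never leave TrustedAuthority, and everything the distributor handles (N, the EKS, the two-element ciphertext per bit and the key B with its sign) is exactly what the text says the recipient is given; the distributor cannot manufacture a working B for a tampered EKS without factoring N.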

[0072] Further, the EKS derived from the software could be made dependent on dynamic information, for example time and/or a random number. In this case the verification of the software (i.e. the generation of the decryption key by the software producer 35 in response to provision of the EKS by the software distributor 38) must be done every time the user 39 wishes to verify the software issued by the software distributor 38. Since this directly involves the software producer 35 in the challenge loop, this allows the software producer 35 to accumulate evidence about misbehaviour both of certified and fake software distributors.

[0073] Where the software producer 35 is arranged to derive the decryption key using a reference key string based on a reference version of the software, the software producer 35 will need to be provided with the dynamic information used in the EKS; typically the software distributor 38 will be arranged to pass on this dynamic information to the software producer. The software producer 35 can then form the reference key string using the dynamic information and the reference version of the software code or a representation thereof.

[0074] The use of dynamic information prevents certain misuses of the schema, in particular the fraudulent reuse of a decryption key that was valid at the time of initial certification but is no longer so (e.g. it prevents a software distributor from continuing to distribute software once a licence has expired, since a key obtained for an earlier EKS will not open a challenge that embeds fresh dynamic information).

[0075] As already indicated, the data encrypted by the user 39 need not be a nonce and could, for example, be an instruction; in this case, the software distributor can, of course, only follow the instruction if able to correctly decrypt it. The instruction might simply be for the software distributor to provide an answer to a specified question.

[0076] The original challenge from the user 39 can be arranged to occur automatically, for example the first time the software concerned is executed by the user.

[0077] It may be noted that the software producer 35 could have multiple sets of public data 37. For example, each set of public data could be associated with a particular class of consumers, and a consumer could be aware of just a subset of these sets. This could allow the software producer 35 to gather detailed information about categories of users of its service.

[0078] Whilst in the FIG. 3 embodiment the role of trusted authority is taken by the software producer, this role could be taken by a different party having rights in the software code, such as a licensor of technology implemented by the software code. Similarly, the party providing the software to the user need not be a software distributor as such, merely a party involved in the provision of the software to the user.

[0079] The communication between the various parties can make use of standard protocols such as HTTP and SOAP. Further, where required, secure connections can be established using secure protocols such as SSL.

[0080] It will be appreciated that instead of the QR IBE method, the above-described embodiment can be implemented using any other suitable IBE algorithm, such as those mentioned above that use Weil or Tate pairings, or are RSA based.

CLAIMS

1. A method of validating software code provided to a user entity by a software provider, wherein: the user entity encrypts first data, provides it to the software provider, and receives back a valid indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code; the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof and public data of said party; the said appropriate decryption key is provided by said party to the software provider only if the software code provided to the user entity is valid, generation of this key by the party using both private data related to said public data, and the encryption key string or a corresponding reference string based on a reference version of the software code.
2. A method according to claim 1, wherein the first data is a nonce.
3. A method according to claim 1, wherein said valid indication that the code is valid is said first data correctly decrypted from the encrypted first data.
4. A method according to claim 1, wherein said party receives the encryption key string via the software provider and uses it to carry out at least one validation check of the software code provided to the user entity; the party also using the received encryption key string, together with said private data, to generate the said appropriate decryption key with the proviso that the decryption key is only generated, or only provided to the software provider, if the or each validation check is satisfactory.
5. A method according to claim 4, wherein said at least one validation check comprises at least one of: a check on the integrity of the software code; a check on the right of the software provider to provide the software code to the user entity.
6. A method according to claim 4, wherein the encryption key string further comprises second data.
7. A method according to claim 6, wherein the second data is a random number.
8. A method according to claim 1, wherein said party is arranged to derive a decryption key using said reference string and said private data, whereby this key only serves as said appropriate decryption key if the software code provided to the user entity is the same as said reference version.
9. A method according to claim 8, wherein the encryption key string further comprises second data, the second data being provided to said party which uses it, together with the reference version of the software code or a representation thereof, to generate the decryption key.
10. A method according to claim 9, wherein the second data is a random number.
11. A computer system comprising first, second and third computing entities, wherein: the first computing entity is arranged to receive software code from the second computing entity and to encrypt a first data set using, as encryption parameters, both an encryption key string comprising a second data set corresponding to the software code provided by the second computing entity or a representation of that code, and public data of a party having rights in the software code; the first computing entity being further arranged to provide the encrypted first data set to the second computing entity whereby to receive back a valid indication that the code is valid only if the second computing entity is able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by the third computing entity; the third computing entity is associated with said party having rights in the software code and is arranged to provide the said appropriate decryption key to the second computing entity only if the software code provided to the first computing entity is valid, the third computing entity being arranged to generate this key using both private data related to said public data, and the encryption key string or a corresponding reference string based on a reference version of the software code.
12. A computer system according to claim 11, wherein the first data set is a nonce.
13. A computer system according to claim 11, wherein the second computing entity is arranged to operate a web site and to provide said software code via the web site.
14. A computer system according to claim 11, wherein said party is the software producer.
15. A computer system according to claim 11, wherein the encryption key string further comprises a third data set.
16. A computer system according to claim 15, wherein the third data set is a random number.
17. A computer system according to claim 15, wherein the third computing entity is arranged to derive a decryption key using said reference string and said private data whereby this key only serves as said appropriate decryption key if the software code provided to the first computing entity is the same as said reference version, the third computing entity being arranged to receive the third data set from the second computing entity and to form said reference string using the received third data set and the reference version of the software code or a representation thereof.
18. A computer system according to claim 11, wherein the third computing entity is arranged to receive said encryption key string via the second computing entity and to use it to carry out validation of the software code provided to the first computing entity, the third computing entity being arranged to derive the decryption key using said encryption key string and/or to provide the decryption key to the second computing entity, only after satisfactory validation of the software code, whereby the decryption key, if provided to the second computing entity, is said appropriate decryption key.
19. A computer system according to claim 18, wherein the third computing entity is arranged to carry out validation of the software code by checking at least one of: the integrity of the software code; the right of the second computing entity to provide the software code to the first computing entity.
 20. A computer system comprising afirst computer entity for deriving an encryption key string using afirst data set corresponding to software code or a representation ofsoftware code provided by a second computer entity and encrypting asecond data set with the encryption key string; communication means forproviding the encrypted second data set to the second computer entity,wherein a third computer entity associated with a third party havingrights in the software code is arranged to provide to the secondcomputer entity a decryption key derived using the first data set toallow decryption of the encrypted second data set.
 21. A computer systemaccording to claim 20, wherein the communication means provides theencryption key string to the third computer entity to allow validationof the first data set.
 22. A computer system according to claim 21,wherein the third computer entity provides the decryption key to thesecond computer entity on validation of the first data set. 23.Apparatus comprising: first means for downloading software code over anetwork from a software provider, second means for encrypting first datausing both public data of a party with rights in the software, and anencryption key string comprising said software code or a representationthereof; third means for providing the encrypted first data and saidencryption key string to the software provider; fourth means forreceiving back third data from the software provider, and fifth meansfor comparing the third data with the first data, and for generating anindication that the software code is valid if the first and third datamatch.
 24. Apparatus according to claim 23, wherein the first data is anonce.
 25. Apparatus according to claim 23, wherein the encryption keystring further comprises at least one of a random number and a timeindication.
 26. A computer program product arranged to conditioncomputing apparatus, when installed thereon, to provide: means forencrypting first data using both an encryption key string comprisingsoftware code downloaded by the apparatus from a software provider or arepresentation of that code, and public data of a party with rights inthe software code; means for providing the encrypted first data and saidencryption key string to the software provider; means for receiving backthird data from the software provider, and means for comparing the thirddata with the first data, and for generating an indication that thesoftware code is valid if the first and third data match.
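The three-party flow of claims 23 and 26, together with the reference-string key derivation of claim 17 and the provider-rights check of claim 19, as an added Python model that is not code from the patent: the identity-based primitive the claims rely on is replaced by a toy discrete-log stand-in in which one issued key reveals the master secret, so it models the message flow and the binding of the key to the code hash, not real security. `Authority`, `P_MOD`, `G` and the `hash:random` layout of the key string are assumptions made here.

```python
import hashlib, secrets

# Toy group parameters, constructed for this example only (not from the patent):
# the authority's private data is s, its public data is P = G**s mod P_MOD.
# Not a real identity-based scheme: a holder of one issued key can recover s.
P_MOD = 2**127 - 1   # Mersenne prime; demo-sized, not a production group
G = 3

def key_string_to_exp(key_string: str) -> int:
    """Map the encryption key string (code hash + random number) to an exponent."""
    e = int.from_bytes(hashlib.sha256(key_string.encode()).digest(), "big")
    return e % (P_MOD - 1) or 1

class Authority:
    """Third computing entity: the party with rights in the software (claims 17, 19)."""
    def __init__(self, reference_code: bytes, licensed_providers: set):
        self.s = secrets.randbelow(P_MOD - 2) + 1        # private data
        self.public = pow(G, self.s, P_MOD)              # public data
        self.ref_hash = hashlib.sha256(reference_code).hexdigest()
        self.licensed = licensed_providers

    def issue_key(self, provider: str, random_part: str):
        """Derive the key from the *reference* string, never from the user's string,
        so it only decrypts if the downloaded code matched the reference version."""
        if provider not in self.licensed:                # right to provide (claim 19)
            return None
        reference_string = self.ref_hash + ":" + random_part
        return (self.s * key_string_to_exp(reference_string)) % (P_MOD - 1)

def encrypt(public: int, key_string: str, first_data: bytes):
    """First entity encrypts using only the key string and the authority's public data."""
    r = secrets.randbelow(P_MOD - 2) + 1
    u = pow(G, r, P_MOD)
    shared = pow(pow(public, key_string_to_exp(key_string), P_MOD), r, P_MOD)
    pad = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return u, bytes(a ^ b for a, b in zip(first_data, pad))

def decrypt(dec_key: int, u: int, ciphertext: bytes) -> bytes:
    pad = hashlib.sha256(pow(u, dec_key, P_MOD).to_bytes(16, "big")).digest()
    return bytes(a ^ b for a, b in zip(ciphertext, pad))

def provider_respond(authority, provider: str, key_string: str, u: int, ct: bytes):
    """Second entity forwards the random part, receives a key (or a refusal), decrypts."""
    dec_key = authority.issue_key(provider, key_string.partition(":")[2])
    return None if dec_key is None else decrypt(dec_key, u, ct)

def user_validate(authority, provider: str, downloaded_code: bytes) -> bool:
    """First entity: the code is accepted only if the provider returns the nonce."""
    key_string = hashlib.sha256(downloaded_code).hexdigest() + ":" + secrets.token_hex(8)
    nonce = secrets.token_bytes(32)                       # first data
    u, ct = encrypt(authority.public, key_string, nonce)
    return provider_respond(authority, provider, key_string, u, ct) == nonce
```

A tampered download leads the authority to issue a key for a different reference string, so the provider's decryption does not reproduce the nonce; an unlicensed provider receives no key at all.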